Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information when you use Hephaestus CRM.

Last updated: August 27, 2025

Introduction

Hephaestus CRM (“we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CRM service.

By using our Service, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our Service.

Information We Collect

Personal Information

We may collect the following types of personal information:

  • Account Information: Name, email address, phone number, company name, and job title
  • Profile Information: Profile picture, preferences, and settings
  • Billing Information: Payment details, billing address, and subscription information
  • Customer Data: Information you input about your customers, contacts, and business relationships

Automatically Collected Information

  • Usage Data: How you interact with our Service, features used, and time spent
  • Device Information: IP address, browser type, operating system, and device identifiers
  • Log Data: Server logs, error reports, and performance data
  • Cookies: Small data files stored on your device to improve your experience

How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To provide, maintain, and improve our CRM service
  • Account Management: To create and manage your account and subscription
  • Communication: To send you service updates, security alerts, and support messages
  • Personalization: To customize your experience and provide relevant features
  • Analytics: To understand usage patterns and improve our Service
  • Security: To detect, prevent, and address technical issues and security threats
  • Legal Compliance: To comply with applicable laws and regulations

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

  • Service Providers: With trusted third-party vendors who help us operate our Service (hosting, payment processing, analytics)
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • Consent: When you explicitly consent to the sharing
  • Protection: To protect our rights, property, or safety, or that of our users

Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: Data is encrypted in transit and at rest using AES-256 encryption
  • Access Controls: Strict access controls and authentication mechanisms
  • Regular Audits: Security assessments and penetration testing
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Staff Training: Regular security training for all employees
  • Compliance: SOC 2 Type II certified and GDPR compliant

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry best practices.

Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request access to your personal information we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Portability: Request a copy of your data in a structured format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at privacy@hephaestus-crm.com.

Data Retention

We retain your information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy:

  • Account Data: Retained while your account is active and for 30 days after deletion
  • Customer Data: Retained according to your instructions and deleted upon account termination
  • Usage Data: Aggregated and anonymized data may be retained for analytics
  • Legal Requirements: Some data may be retained longer to comply with legal obligations

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for certain countries
  • Other appropriate safeguards as required by applicable law

Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending you an email notification (if you have an account)
  • Providing notice through our Service before the changes become effective

Your continued use of our Service after any changes indicates your acceptance of the updated Privacy Policy.

Contact Information

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

This Privacy Policy is effective as of the date listed above and will remain in effect except with respect to any changes in its provisions in the future.